1. Field of the Invention
The present invention is directed to a postage meter machine for franking postal matter according to the preamble as well as to a print head for such a postage mater machine as well as to a method for authentication of such a print head.
2. Description of the Prior Art
A postage meter machine having a replaceable print head is disclosed by European Application 0 875 862. The print head therein has a memory element in which an identification code of the print head is stored. The postage meter machine can read this identification code with a reader and check whether the print head is authorized for that postage meter machine.
Print heads for postage meter machines are usually fashioned as disposable print heads and have an ink reservoir, drive electronics and ink nozzles from which the ink is applied onto the letter. For minimizing possibilities of manipulation, such print heads must satisfy a number of postal authority requirements. Thus, an unauthorized print head should be prevented from being used and an authorized print head should be prevented from being used with unauthorized ink. It is particularly important to prevent a customer filling the customer""s print head with unauthorized ink and to prevent a professional recycler from collecting unauthorized print heads and fills these with unauthorized ink and distributing them. Moreover, measures against misuse referred to as a xe2x80x9creplay attack,xe2x80x9d wherein frankings are copied with a number of postage meter machines, and against the employment of postally approved print heads in normal printers, should be provided.
It has developed that critical weak points of known postage meter machines are that the print head does not xe2x80x9cknowxe2x80x9d its own ink filling level, and that the filling level cannot be interrogated from the outside with suitable electronics. Refilling of such a print head with unauthorized ink therefore is easy to perform. However, even if the print head were to know its filling level, this could still be manipulated as described above. Moreover, it is often not possible to distinguish an authorized print head from an unauthorized print head in an electronic way. A further disadvantage of the postage meter machine disclosed by European Application 0 875 862 is that the postage meter machine must know the identification code stored in the memory unit of the print head, or must know which identification codes enable an authorization. Moreover, no measures against refilling and other possibilities for misuse are provided in this postage meter machine.
An object of the present is to provide measures in a postage meter machine or in a print head for a postage meter machine in order to prevent the above-described abuses. It is further an object to provide for the authentication of a print head.
The above object is achieved in accordance with the principles of the present invention in a postage meter machine, as well as in a print head for a postage meter machine, as well as in a method for authentication of a print head, wherein a security code is generated using an encryption algorithm from a first identification code that is attached to the print head and from a second identification code that is stored in a memory unit allocated to the print head. This generated security code, upon insertion of the print head in the postage meter machine, is compared to a security code that was also stored in the memory unit when the print head was manufactured. If the generated security code and the stored security code do not match, usage of the print head is not enabled.
According to the invention, the postage meter machine need not know what identification codes allow an authorization of the print head; rather, the postage meter machine itself generates a security code with a general encryption algorithm, which is compared to a security code stored on the memory unit. For generating the security code, the postage meter machine reads out a first identification code applied to the print head and a second identification code stored in the memory unit of the print head. These identification codes are subjected to the encryption algorithm, which can be a standard algorithm (for example, a DES=data encryption standard), which then generates the security code with a key code. This generated security code is then compared to a security code that is likewise stored in the memory unit of the print head, and, given agreement, the print head is authorized and the printer unit is enabled.
For example, the manufacturer of the print head or of the postage meter machine has generated the security code stored in the memory unit of the print head with the same encryption algorithm and the same key code and stored it in the memory unit. Differing from known postage meter machines, the inventive postage meter machine need not xe2x80x9cknowxe2x80x9d what code allows an authentication of the print head; rather, the security code is generated from data that are read from the print head and the memory unit and compared to a security code stored in the memory unit. Since two identification codes are required for generating the security code, and since these are accommodated at separate locations, namely at the print head and in the memory unit, it is also not possible to employ the memory unit for a different print head.
Further mechanical measures for preventing manipulations can be provided to prevent the print head from being employed in conventional printers in order to generate frankings without paying for them.
The memory unit can be permanently attached to the print head or can also input installed in the postage meter machine separate from the print head. However, a memory unit is always allocated to only one print head.
The memory unit can be a chip card. This simultaneously acts as a mechanical impediment to employing the print head in conventional printers.
In a preferred embodiment that the security code is generated before the first use, for example upon manufacture of the print head, and is stored in the memory unit, and the key code is a code allocated to the manufacturer of the print head and/or of the postage meter machine. It is thus necessary that both the manufacturer of the print head and the manufacturer of the postage meter machine employ the same encryption algorithm and the same key code, so that the same security code can be generated. Insofar as the key code is kept secret, a generally known and accessible encryption algorithm can be employed for this purpose. Alternatively, the key code can be specific for the manufacturers of postage meter machines as well as for the manufacturer of the print heads.
In a further embodiment for the selection of the identification code an arbitrary number is attached to the print head as a first identification code and a serial number is stored in the memory as a second identification code. The selection of the serial number and the selection of the arbitrary number are preferably left to the manufacturer of the print head. An arbitrary number, for example an 8 bit number, and a serial number are thus generated, the security code being subsequently generated from these and being ultimately stored in the memory unit together with the serial number. The number, the serial number and the security code thus belong together and can only effect an authentication of a print head together.
In a further embodiment a connection unit is attached to the print head for connecting the print head to a print control unit, which is a part of the printer unit of the postage meter machine. The connection unit connects contacts of the print control unit to contacts of the print head, these connections being permutated according to a permutation code. The print control unit operates the print head according to the permutation of the contacts. The connection unit, which connects contacts of the print control unit to contacts of the print head, thereby exhibits a permutation of the connections that must be taken into consideration in the transmission of the print signal by the print control unit. This means that the contacts are transposed according to a permutation code stored on the memory unit. This is intended to prevent non-authorized print heads from being inserted and frankings from being generated therewith. Since each of the print heads exhibits an individual permutation, misuse referred to as replay attacks is thereby also prevented, i.e. meaningful frankings can only be generated with this print head proceeding from a single postage meter machine.
The permutation code can be attached to the print head, and can serve as the aforementioned first identification code. A serial number can be stored in the memory unit to serve as the aforementioned second identification code.
In a further embodiment, the print head""s consumption of ink is measured and stored. When the ink has been completely used, a corresponding identifier is stored on the memory unit, which prevents further printing with this print head even when ink is refilled into the print head. For example, the security code stored on the memory unit can be deleted or modified in this case, this necessarily preventing further use of the print head. The storing of the current ink usage and the xe2x80x9cused upxe2x80x9d identifier can also ensue in the postage meter machine.